TEMP.Heretic Analysis

IOB - Indicator of Behavior (44)

Timeline

Language

en: 32
zh: 10
ru: 2

Country

Actors

Activity

Interest

Timeline

Type

Vendor

Product

PHP: 4
FusionPBX: 4
Huawei E5186 4G LTE Router: 2
Microsoft Windows: 2
Apache Druid: 2

Vulnerabilities

Base and Temp are the CVSS base and temporal scores; 0day and Today are estimated exploit prices; Exploit is the known exploit maturity; Countermeasure is the remediation status; EPSS is the Exploit Prediction Scoring System probability; CTI is the threat-intelligence interest score.

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE
1 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550
2 | TuziCMS BannerController.class.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.04 | CVE-2022-23882
3 | FusionPBX fax_send.php privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00121 | 0.02 | CVE-2022-35153
4 | WordPress WP_Query sql injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.93847 | 0.07 | CVE-2022-21661
5 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.31 | CVE-2016-6210
6 | Apple macOS Shortcuts privilege escalation | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.00 | CVE-2023-23522
7 | Adobe ColdFusion privilege escalation | 8.6 | 8.5 | $0-$5k | $0-$5k | High | Official Fix | 0.96272 | 0.00 | CVE-2023-26360
8 | CloudPanel 2 File Manager weak authentication | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.50534 | 0.02 | CVE-2023-35885
9 | Chamilo LMS wsConvertPpt privilege escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.93404 | 0.03 | CVE-2023-34960
10 | PHP File Upload form-data Remote Code Execution | 8.8 | 7.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.93753 | 0.02 | CVE-2005-3390
11 | VMware vCenter Server/Cloud Foundation DCERPC Protocol Remote Code Execution | 8.7 | 8.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00110 | 0.04 | CVE-2023-20892
12 | Huawei E5186 4G LTE Router DNS Query Packet privilege escalation | 7.0 | 6.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00325 | 0.04 | CVE-2015-8265
13 | PaperCut MF/NG libsmb2 privilege escalation | 9.8 | 9.7 | $0-$5k | $0-$5k | High | Official Fix | 0.97124 | 0.04 | CVE-2023-27350
14 | PHP mysqli_real_escape_string buffer overflow | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00932 | 0.04 | CVE-2017-9120
15 | Juniper Web Device Manager Authentication weak authentication | 9.8 | 9.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.06 | (none)
16 | WordPress Pingback privilege escalation | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00120 | 0.03 | CVE-2022-3590
17 | FusionPBX login.php cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00147 | 0.00 | CVE-2021-37524
18 | Object First Management Protocol privilege escalation | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00174 | 0.04 | CVE-2022-44794
19 | MODX Revolution privilege escalation | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01346 | 0.05 | CVE-2022-26149
20 | Apache Flume JMS Source privilege escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00264 | 0.04 | CVE-2022-34916


Campaigns (1)

These are the campaigns that can be associated with the actor:

  • EmailThief

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 108.160.133.32 | 108.160.133.32.vultr.com | TEMP.Heretic | EmailThief | 05/02/2022 | verified | Medium
2 | XXX.XX.XX.XXX | Xxxx.xxxxxxx | Xxxxxxxxxx | | 05/02/2022 | verified | High
3 | XXX.XXX.XXX.XXX | Xxxx.xxxxxxx | Xxxxxxxxxx | | 05/02/2022 | verified | High
4 | XXX.XXX.XXX.XXX | Xxxx.xxxxxxx | Xxxxxxxxxx | | 05/02/2022 | verified | High

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /fax/fax_send.php | predictive | High
2 | File | /tmp/csman/0 | predictive | Medium
3 | File | /WebMstr7/servlet/mstrWeb | predictive | High
4 | File | xxx/xxxxxx.xxx | predictive | High
5 | File | x_xxxxxxxx_xxxxx | predictive | High
6 | File | xxxxxxxxxxxx.xxx | predictive | High
7 | File | xxxxxxxxx/xxxx-xxxx | predictive | High
8 | File | xxxxxxxxxx.xxx | predictive | High
9 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
10 | File | xxxxxxxxx/xxxxx.xxx | predictive | High
11 | File | \xxx\xxxxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxx.xxxxx.xxx | predictive | High
12 | Argument | xxxxxxxx | predictive | Medium
13 | Argument | x_xxxxxxxxx | predictive | Medium
14 | Argument | xxxxxxxx | predictive | Medium
15 | Argument | xxxx | predictive | Low
16 | Argument | xxxxxxx | predictive | Low
17 | Argument | xxxxxxxxxxxxxx | predictive | High
18 | Argument | xxx | predictive | Low
19 | Input Value | ../.. | predictive | Low
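The IOC and IOA tables above are only useful once they are turned into a hunt. The following script is an added example, not VulDB's own code or tooling: it takes the publicly visible indicators from this page (the IP 108.160.133.32 and the File and Input Value fragments that are not redacted) and scans web-server access logs for them, decoding percent-encoding first so a traversal like ../.. cannot hide as ..%2F... The log lines are constructed for the example, the combined-log-format regex is an assumption about the log source, and the redacted (xxx) indicators are not reconstructed. Non-IOC client addresses that trigger an IOA hit are reported separately, since those are the candidates for pivoting and watch-listing.

```python
"""Hunt TEMP.Heretic IOC/IOA fragments in web-server access logs.

Added example; not VulDB's code. Indicators are the unredacted ones from the
page above. Log lines are constructed. The regex assumes Apache/nginx
combined log format.
"""
import re
from urllib.parse import unquote

# Visible IOC (network resource) and IOA fragments from the page.
IOC_IPS = {"108.160.133.32"}
IOA_PATHS = ["/fax/fax_send.php", "/tmp/csman/0", "/WebMstr7/servlet/mstrWeb"]
IOA_INPUT_VALUES = ["../.."]

# Combined log format: ip ident user [ts] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log (RFC 5737 test ranges plus the page's IOC address).
SAMPLE_LOG = """\
203.0.113.7 - - [05/Feb/2022:10:01:12 +0000] "GET /index.php HTTP/1.1" 200 5123
108.160.133.32 - - [05/Feb/2022:10:02:40 +0000] "GET /login.php HTTP/1.1" 200 2201
108.160.133.32 - - [05/Feb/2022:10:02:41 +0000] "POST /app/fax/fax_send.php HTTP/1.1" 302 0
198.51.100.9 - - [05/Feb/2022:10:05:03 +0000] "GET /WebMstr7/servlet/mstrWeb?evt=3140 HTTP/1.1" 404 312
198.51.100.9 - - [05/Feb/2022:10:05:09 +0000] "GET /download?file=..%2F..%2Ftmp/csman/0 HTTP/1.1" 200 88
192.0.2.44 - - [05/Feb/2022:10:07:00 +0000] "GET /static/app.js HTTP/1.1" 200 9001
"""


def normalize(target):
    """Decode percent-encoding twice (catches double encoding) and fold
    backslashes to slashes so encoded traversal and path fragments match."""
    return unquote(unquote(target)).replace("\\", "/")


def match_line(line):
    """Return the list of (class, indicator) hits for one log line, or None
    when the line does not parse as combined log format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    hits = []
    ip = m.group("ip")
    if ip in IOC_IPS:
        hits.append(("IOC", ip))
    target = normalize(m.group("target"))
    lowered = target.lower()
    # File fragments are matched against the whole request target, since a
    # path may arrive inside a parameter value rather than the URL path.
    for frag in IOA_PATHS:
        if frag.lower() in lowered:
            hits.append(("File", frag))
    for val in IOA_INPUT_VALUES:
        if val in target:
            hits.append(("Input Value", val))
    return hits


def hunt(lines):
    """Scan log lines; return one finding per line that has any hit."""
    findings = []
    for n, line in enumerate(lines, 1):
        hits = match_line(line)
        if hits:
            m = LOG_RE.match(line)
            findings.append({"line": n, "ip": m.group("ip"),
                             "target": m.group("target"), "hits": hits})
    return findings


def suspect_ips(findings):
    """Client addresses with an IOA hit that are not already listed as IOC:
    the pivot candidates to enrich and add to the watchlist."""
    ips = {f["ip"] for f in findings
           if f["ip"] not in IOC_IPS and any(c != "IOC" for c, _ in f["hits"])}
    return sorted(ips)


if __name__ == "__main__":
    results = hunt(SAMPLE_LOG.splitlines())
    for f in results:
        print(f"line {f['line']}: {f['ip']} {f['target']} -> {f['hits']}")
    print("pivot candidates:", suspect_ips(results))
```

Run it against a real log with `hunt(open("access.log").readlines())`. On the constructed sample it reports four lines: the two requests from the listed IOC address (one of which also touches the FusionPBX fax_send.php fragment), and two requests from 198.51.100.9 that hit /WebMstr7/servlet/mstrWeb and the encoded ../..  plus /tmp/csman/0, which makes 198.51.100.9 the one pivot candidate.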

References (2)

The following list contains external sources which discuss the actor and the associated activities:
